Updating device certificate

f5mkuDefault · ‎26-Mar-2021

Hi experts,

I am trying to update my device certificates.

what is the difference between these 2?

System >> Certificate Management : Device Certificate Management : Device Certificate Signing Request >> server.csr

System >> Certificate Management : Traffic Certificate Management : SSL Certificate List >> New SSL Certificate (Then create using Certificate Authority)

This is because when I genereated CSR I used the 2nd one, I forgot to create it under the device certificate management.

Will this still work?

Thank you in advance.

Patrik_Jonsson · ‎28-Mar-2021

Hi there

As long as you have a valid certificate and key you can import them as a Decide Certificate. So if the subject names in the CSR also covers the FQDN of the device you want to have the certificate for it will work just fine.

Go to Certificate Management -> Device Certificate Management -> Device Certificate
Click Import
Choose Certificate and Key from the drop-down
Paste/upload a valid certificate and key pair
Click import

Kind regards,

Patrik

f5mkuDefault · ‎31-Mar-2021

Thanks Patrick. it did work however I need to bundle the certificate (cert + chain + root).

Patrik_Jonsson · ‎01-Apr-2021

If you're running a newer device you can add the chain via the UI:

If running a v12 you can follow this guide:

https://support.f5.com/csp/article/K13302

f5mkuDefault · ‎07-Apr-2021

thank you, actually i got confuse with that but I am certain the CSR can be taken from any machine. Can also be taken from a winserver etc.

I just got confused why there are 2 ways to do it in F5. One that is dedicated for device management and another for app services.

but anyway I was able to get it working by bundling the cert, chain and root.

Installing the cert, chain and root separate in F5 it does not work.

DevCentral

Updating device certificate

Khoros Kudos Award 2022